Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gluster vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2017-15096
A flaw was found in GlusterFS in versions before 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.
Gluster Glusterfs
6.8
CVSSv2
CVE-2018-10924
It exists that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
Gluster Glusterfs
NA
CVE-2023-26253
In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.
Gluster Glusterfs 11.0
2.1
CVSSv2
CVE-2020-10762
An information-disclosure flaw was found in the way that gluster-block prior to 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive informa...
Redhat Gluster-block
3.6
CVSSv2
CVE-2012-4417
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
Gluster Glusterfs 3.3.0
NA
CVE-2022-48340
In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.
Gluster Glusterfs 11.0
2.1
CVSSv2
CVE-2020-10763
An information-disclosure flaw was found in the way Heketi prior to 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
Heketi Project Heketi
Redhat Gluster Storage 3.0
Redhat Gluster Storage 3.5
Redhat Openshift Container Platform 4.0
Redhat Enterprise Linux 7.0
9
CVSSv2
CVE-2019-3831
A vulnerability exists in vdsm, version 4.19 up to and including 4.30.3 and 4.30.5 up to and including 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
Ovirt Vdsm
Redhat Gluster Storage 3.0
7.5
CVSSv2
CVE-2012-4406
OpenStack Object Storage (swift) prior to 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote malicious users to execute arbitrary code via a crafted pickle object.
Openstack Swift
Fedoraproject Fedora 16
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server 6.0
Redhat Storage 2.0
Redhat Storage For Public Cloud 2.0
Redhat Gluster Storage Server For On-premise 2.0
Redhat Gluster Storage Management Console 2.0
5.5
CVSSv2
CVE-2019-3880
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba sh...
Samba Samba
Debian Debian Linux 8.0
Redhat Enterprise Linux 7.0
Redhat Gluster Storage 3.0
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 42.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »